Verifying stack pointer
Abstract
An apparatus comprises: processing circuitry to perform data processing in one of a plurality of security domains including at least a secure domain and a less secure domain, and memory access checking circuitry to check whether a memory access is allowed depending on security attribute data indicating which domain is associated with a target address. In response to a given change of program flow from processing in the less secure domain to a target instruction having an address associated with the secure domain: a fault is triggered when the target instruction is an instruction other than a gateway instruction indicating a valid entry point to the secure domain. When the target instruction is said gateway instruction, a stack pointer verifying action is triggered to verify whether it is safe to use a selected stack pointer stored in a selected stack pointer register.
Claims
exact text as granted — not AI-modifiedThe invention claimed is:
1. An apparatus comprising:
processing circuitry to perform data processing in one of a plurality of security domains including at least a secure domain and a less secure domain;
memory access checking circuitry to check whether a memory access is allowed depending on security attribute data indicative of which of the plurality of security domains is associated with a target address of the memory access; and
at least one stack pointer register to store a stack pointer indicative of a stack data structure in memory; in which:
in response to a given change of program flow from processing in the less secure domain to a target instruction having an instruction address associated with the secure domain:
when the target instruction is an instruction other than a gateway instruction indicative of a valid entry point to the secure domain, the processing circuitry configured to trigger a fault; and
when the target instruction is said gateway instruction, the processing circuitry is configured to trigger a stack pointer verifying action to verify whether it is safe to use a selected stack pointer stored in a selected stack pointer register;
in response to said given change of program flow, when the target instruction is the gateway instruction, the processing circuitry is configured to perform re-entrancy checking in response to the gateway instruction;
the re-entrancy checking comprising triggering a fault when a value loaded from an address derived from the selected stack pointer is at least one integrity signature value.
2. The apparatus according to claim 1 , in which said stack pointer verifying action comprises triggering a permissions check to check whether a load request, which requests loading of a value from the address derived from the selected stack pointer stored in the selected stack pointer register, would be permitted.
3. The apparatus according to claim 2 , in which the processing circuitry is configured to operate at one of a plurality of privilege levels; and
the memory access checking circuitry is configured to trigger a fault if a selected set of access permissions applicable to the target address specify that a selected privilege level is prohibited from accessing the target address.
4. The apparatus according to claim 3 , in which:
the processing circuitry is configured to perform data processing in one of a plurality of modes of operation; and
said selected privilege level comprises a privilege level associated with processing in a combination of the secure domain and a current mode of operation of the processing circuitry at a time of said given change of program flow.
5. The apparatus according to claim 3 , in which said selected set of access permissions comprises a set of access permissions applicable to the target address when a current domain of the processing circuitry is the secure domain.
6. The apparatus according to claim 2 , in which said target address equals the selected stack pointer.
7. The apparatus according to claim 1 , in which in response to said given change of program flow, when the target instruction is the gateway instruction:
the processing circuitry is configured to determine whether or not to perform the re-entrancy checking in response to the gateway instruction based on a re-entrancy checking enable value specifying whether the re-entrancy checking is enabled or disabled.
8. The apparatus according to claim 1 , in which in response to said given change of program flow, when the target instruction is the gateway instruction:
the processing circuitry is configured to trigger said permissions check for the address derived from the selected stack pointer even when the re-entrancy checking enable value specifies that re-entrancy checking is disabled.
9. The apparatus according to claim 1 , comprising exception control circuitry responsive to an exception condition to perform one of a plurality of exception entry transitions selected based at least on a current security domain of the processing circuitry, where for at least a subset of the plurality of exception entry transitions, the exception control circuitry is configured to trigger saving of a stack frame including said integrity signature value to a stack data structure identified by the stack pointer stored in said at least one stack pointer register.
10. The apparatus according to claim 1 , comprising exception control circuitry responsive to an exception return condition to perform one of a plurality of exception return transitions selected based at least on a security domain associated with the exception return condition, where for at least a subset of the plurality of exception return transitions, the exception control circuitry is configured to perform integrity signature checking comprising accessing a stack frame from a given stack data structure selected for that exception return transition and triggering a fault when a mismatch is detected between the value at a predetermined position in the accessed stack frame and said at integrity signature value.
11. The apparatus according to claim 1 , in which the re-entrancy checking also comprises triggering a fault when a stack pointer selection value, for determining which stack pointer register to use for stacking or unstacking architectural state, has a predetermined value.
12. The apparatus according to claim 11 , in which:
within a given security domain, the processing circuitry is configured to perform data processing in one of a plurality of modes, including a handler mode for exception processing and a thread mode for background processing;
the apparatus comprises exception control circuitry responsive to an exception condition to trigger storage of architectural state data to:
a process stack data structure identified by a stack pointer stored in a process stack pointer register when the exception condition occurs in the thread mode and the stack pointer selection value has a first value; and
a main stack data structure identified by a stack pointer stored in a main stack pointer register when the exception condition occurs in the thread mode and the stack pointer selection value has a second value; and
said predetermined value comprises the second value.
13. The apparatus according to claim 12 , in which in response to at least one secure thread mode to secure handler mode exception entry transition, the exception control circuitry is configured to update the stack pointer selection value to the second value.
14. The apparatus according to claim 1 , in which in response to a change of program flow from processing in the secure domain to a gateway instruction having an instruction address associated with the secure domain, the processing circuitry is configured to omit the re-entrancy checking.
15. The apparatus according to claim 1 , in which within a given security domain, the processing circuitry is configured to perform data processing in one of a plurality of modes, including a handler mode for exception processing and a thread mode for background processing;
the apparatus comprises exception control circuitry responsive to an exception condition to trigger storage of architectural state data to:
a process stack data structure identified by a stack pointer stored in a process stack pointer register when the exception condition occurs in the thread mode and a stack pointer selection value has a first value; and
a main stack data structure identified by a stack pointer stored in a main stack pointer register when the exception condition occurs in the thread mode and the stack pointer selection value has a second value; and
said stack pointer verifying action comprises triggering a fault when the stack pointer selection value has the second value.
16. The apparatus according to claim 1 , in which in response to said given change of program flow, when the target instruction is the gateway instruction and at least one security check performed in response to the gateway instruction is passed, the processing circuitry is configured to trigger a switch of a current security domain from the less secure domain to the secure domain.
17. The apparatus according to claim 1 , in which:
in response to said given change of control flow, when the target instruction is said gateway instruction, the processing circuitry is configured to trigger said stack pointer verifying action at least when said processing circuitry is in a predetermined mode of operation.
18. The apparatus according to claim 17 , in which within a given security domain, the processing circuitry is configured to perform data processing in one of a plurality of modes, including a handler mode for exception processing and a thread mode for background processing; and
said predetermined mode of operation comprises the thread mode.
19. The apparatus according to claim 17 , in response to said given change of control flow, when the target instruction is said gateway instruction, the processing circuitry is configured to omit said stack pointer verifying action when said processing circuitry is in a mode of operation other than said predetermined mode of operation.
20. A data processing method for processing circuitry capable of performing data processing in one of a plurality of security domains including at least a secure domain and a less secure domain, for which checking of whether a memory access is allowed is dependent on security attribute data indicative of which of the plurality of security domains is associated with a target address of the memory access, the method comprising:
in response to a given change of program flow from processing in the less secure domain to a target instruction having an instruction address associated with the secure domain:
determining whether the target instruction is a gateway instruction indicative of a valid entry point to the secure domain;
in response to the target instruction being an instruction other than said gateway instruction, triggering a fault; and
in response to said given change of program flow and the target instruction being said gateway instruction, triggering a stack pointer verifying action to verify whether it is safe to use a selected stack pointer stored in a selected stack pointer register and performing re-entrancy checking in response to the gateway instruction,
the re-entrancy checking comprising triggering a fault in response to a value loaded from an address derived from the selected stack pointer being at least one integrity signature value.
21. A non-transitory computer-readable storage medium storing a computer program for controlling a host data processing apparatus to provide an instruction execution environment for execution of instructions; the computer program comprising:
processing program logic to support data processing in one of a plurality of security domains including at least a secure domain and a less secure domain;
memory access checking program logic to check whether a memory access is allowed depending on security attribute data indicative of which of the plurality of security domains is associated with a target address of the memory access; and
register emulating program logic to control access to a memory of the host data processing apparatus to simulate accesses to simulated architectural registers of a target architecture simulated by the computer program, said simulated architectural registers comprising at least one stack pointer register for storing a stack pointer indicative of a stack data structure in memory; in which:
in response to a given change of program flow from processing in the less secure domain to a target instruction having an instruction address associated with the secure domain:
when the target instruction is an instruction other than a gateway instruction indicative of a valid entry point to the secure domain, the processing program logic is configured to trigger a fault; and
when the target instruction is said gateway instruction, the processing program logic is configured to trigger a stack pointer verifying action to verify whether it is safe to use a selected stack pointer associated with a selected stack pointer register of said simulated architectural registers; and
in response to said given change of program flow, when the target instruction is the gateway instruction, the processing circuitry is configured to perform re-entrancy checking in response to the gateway instruction,
the re-entrancy checking comprising triggering a fault when a value loaded from an address derived from the selected stack pointer is at least one integrity signature value.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.